H3C ACL主要有三种:
标准ACL: 2000-2999,基于源IP地址分配;
高级ACL:3000-3999,基于源目IP地址分配,报文优先级等三、四层信息;
二层ACL:4000-4999,基于源目MAC地址,链路层协议等二层信息
XXX涉及的ACL:高级ACL和二层ACL
高级ACL:例如过滤源IP段为10.192.0.0 0.63.255.255 访问10.252.20.8
#
创建ACL---------
acl advanced 3001
rule 0 permit ip source 10.192.0.0 0.63.255.255 destination 10.252.20.8 0
应用到端口上-----
interface GigabitEthernet1/0/1
packet-filter 3001 outbound
验证:
Dis acl 3001
Advanced IPv4 ACL 3001, 1 rule,
ACL's step is 5
rule 0 permit ip source 10.192.0.0 0.63.255.255 destination 10.252.20.8 0(5 times matched)
二层ACL:例如匹配源mac为1111-1111-1111的主机访问2222-2222-2222的终端;
acl mac 4001
rule 0 permit source-mac 1111-1111-1111 ffff-ffff-ffff dest-mac 2222-2222-2222 ffff-ffff-ffff
interface GigabitEthernet1/0/2
packet-filter mac 4001 outbound